WebKit Bugzilla
RESOLVED FIXED
274927
[GTK] UI process crash in gtk_accessible_update_children
https://bugs.webkit.org/show_bug.cgi?id=274927
Michael Catanzaro
Reported
2024-05-30 14:14:07 PDT
Visit https://pwg.org/printers/ in Epiphany Tech Preview using WebKitGTK 2.45.3. Click on the "Make, model, etc." search entry, press Ctrl+W to close the page. The UI process will crash. This is obscuring bug #272248, a web process crash that occurs when following the same steps.

(gdb) bt
#0 0x00007f0468aeb2bd in gtk_accessible_update_children (self=0x55857cade850, child=child@entry=0x55857d3cdad0, state=state@entry=GTK_ACCESSIBLE_CHILD_STATE_REMOVED) at ../gtk/gtkaccessible.c:1334
#1 0x00007f0468cc8176 in gtk_widget_unparent (widget=0x55857d3cdad0 [GtkPopover]) at ../gtk/gtkwidget.c:2560
#2 0x00007f046448c533 in WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk (this=0x7f04595480c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp:113
#3 WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk (this=0x7f04595480c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp:102
#4 0x00007f04643389fc in WTF::RefCounted<WebKit::WebDataListSuggestionsDropdown>::deref (this=0x55857cade858) at WTF/Headers/wtf/RefCounted.h:220
#5 WTF::DefaultRefDerefTraits<WebKit::WebDataListSuggestionsDropdown>::derefIfNotNull (ptr=0x55857cade850, ptr@entry=0x7f03ed1c4800) at WTF/Headers/wtf/Ref.h:62
#6 WTF::RefPtr<WebKit::WebDataListSuggestionsDropdown, WTF::RawPtrTraits<WebKit::WebDataListSuggestionsDropdown>, WTF::DefaultRefDerefTraits<WebKit::WebDataListSuggestionsDropdown> >::~RefPtr (this=0x7f03ed1c5180) at WTF/Headers/wtf/RefPtr.h:60
#7 WebKit::WebPageProxy::Internals::~Internals (this=0x7f03ed1c4800) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxyInternals.h:153
#8 0x00007f04642eed9e in std::default_delete<WebKit::WebPageProxy::Internals>::operator() (this=<optimized out>, __ptr=0x7f03ed1c4800) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/unique_ptr.h:99
#9 std::unique_ptr<WebKit::WebPageProxy::Internals, std::default_delete<WebKit::WebPageProxy::Internals> >::~unique_ptr (this=0x7f04594eb4a8) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/unique_ptr.h:404
#10 WTF::UniqueRef<WebKit::WebPageProxy::Internals>::~UniqueRef (this=0x7f04594eb4a8) at WTF/Headers/wtf/UniqueRef.h:57
#11 WebKit::WebPageProxy::~WebPageProxy (this=0x7f04594eb480) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:831
#12 0x00007f04642efb92 in WebKit::WebPageProxy::~WebPageProxy (this=0x55857cade850) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:790
#13 0x00007f04643408be in WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref() const::{lambda()#1}::operator()() const (this=<optimized out>) at WTF/Headers/wtf/ThreadSafeRefCounted.h:144
#14 WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref (this=0x55857cade858) at WTF/Headers/wtf/ThreadSafeRefCounted.h:156
#15 WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>::derefIfNotNull (ptr=0x55857cade850) at WTF/Headers/wtf/Ref.h:62
#16 WTF::Ref<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy> >::~Ref (this=0x7f0459572648) at WTF/Headers/wtf/Ref.h:82
#17 WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0::~$_0() (this=0x7f0459572648) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:3484
#18 IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::MouseEvent, WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0>(WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0&&, WTF::ThreadLikeAssertion)::{lambda(IPC::Decoder*)#1}::~ThreadLikeAssertion() (this=0x7f0459572648) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/Connection.h:794
#19 WTF::Detail::CallableWrapper<IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::MouseEvent, WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0>(WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0&&, WTF::ThreadLikeAssertion)::{lambda(IPC::Decoder*)#1}, void, IPC::Decoder*>::~CallableWrapper() (this=0x7f0459572640) at WTF/Headers/wtf/Function.h:47
#20 WTF::Detail::CallableWrapper<IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::MouseEvent, WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0>(WebKit::WebPageProxy::sendMouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > const&, WebKit::NativeWebMouseEvent const&, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)::$_0&&, WTF::ThreadLikeAssertion)::{lambda(IPC::Decoder*)#1}, void, IPC::Decoder*>::~CallableWrapper() (this=0x7f0459572640) at WTF/Headers/wtf/Function.h:47
#21 0x00007f046426bff1 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in=0x7f0459019400, this=<optimized out>) at WTF/Headers/wtf/Function.h:82
#22 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (this=0x7ffde25347a0, in=0x7f0459019400) at WTF/Headers/wtf/CompletionHandler.h:78
#23 IPC::Connection::dispatchMessage (this=0x7f0459049860, decoder=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/Connection.cpp:1312
#24 0x00007f046426c175 in IPC::Connection::dispatchMessage (this=0x7f0459049860, message=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/Connection.cpp:1378
#25 0x00007f046426c6b1 in IPC::Connection::dispatchIncomingMessages (this=0x7f0459049860) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/Connection.cpp:1488
#26 0x00007f04631a615b in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/Function.h:82
#27 WTF::RunLoop::performWork (this=0x7f04590140e0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/RunLoop.cpp:147
#28 0x00007f046320be0d in WTF::RunLoop::RunLoop()::$_0::operator()(void*) const (userData=0x55857cade850, userData@entry=0x7f04590140e0, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#29 WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (userData=0x55857cade850) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:79
#30 0x00007f046320af71 in WTF::RunLoop::$_0::operator() (source=0x55857b4ebfb0, callback=0x7f046320be00 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, userData=0x7f04590140e0, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#31 WTF::RunLoop::$_0::__invoke (source=0x55857b4ebfb0, callback=0x7f046320be00 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, userData=0x7f04590140e0)
--Type <RET> for more, q to quit, c to continue without paging--c
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#32 0x00007f046983d787 in g_main_dispatch (context=context@entry=0x55857b4a9950) at ../glib/gmain.c:3348
#33 0x00007f046983f927 in g_main_context_dispatch_unlocked (context=0x55857b4a9950) at ../glib/gmain.c:4197
#34 g_main_context_iterate_unlocked (context=context@entry=0x55857b4a9950, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4262
#35 0x00007f04698400d3 in g_main_context_iteration (context=context@entry=0x55857b4a9950, may_block=may_block@entry=1) at ../glib/gmain.c:4327
#36 0x00007f04696de40d in g_application_run (application=0x55857b4e57c0 [EphyShell], argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2712
#37 0x0000558579a0713e in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:461

More detail on the first few frames:

(gdb) bt full
#0 0x00007f0468aeb2bd in gtk_accessible_update_children (self=0x55857cade850, child=child@entry=0x55857d3cdad0, state=state@entry=GTK_ACCESSIBLE_CHILD_STATE_REMOVED) at ../gtk/gtkaccessible.c:1334
        __inst = 0x55857cade850
        __t = 0x55857b4e4a20 [GtkWidget/GInitiallyUnowned]
        __r = <optimized out>
        context = <optimized out>
#1 0x00007f0468cc8176 in gtk_widget_unparent (widget=0x55857d3cdad0 [GtkPopover]) at ../gtk/gtkwidget.c:2560
        priv = <optimized out>
        old_parent = <optimized out>
        old_prev_sibling = <optimized out>
        root = <optimized out>
        __func__ = "gtk_widget_unparent"
#2 0x00007f046448c533 in WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk (this=0x7f04595480c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp:113
        _pp = {in = 0x7f04595480e8 "", out = 0x7f04595480e8}
        _p = 0x55857cade850
        _pp = {in = <optimized out>, out = <optimized out>}
        _p = <optimized out>
        _destroy = <optimized out>
#3 WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk (this=0x7f04595480c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp:102
#4 0x00007f04643389fc in WTF::RefCounted<WebKit::WebDataListSuggestionsDropdown>::deref (this=0x55857cade858) at WTF/Headers/wtf/RefCounted.h:220
#5 WTF::DefaultRefDerefTraits<WebKit::WebDataListSuggestionsDropdown>::derefIfNotNull (ptr=0x55857cade850, ptr@entry=0x7f03ed1c4800) at WTF/Headers/wtf/Ref.h:62
#6 WTF::RefPtr<WebKit::WebDataListSuggestionsDropdown, WTF::RawPtrTraits<WebKit::WebDataListSuggestionsDropdown>, WTF::DefaultRefDerefTraits<WebKit::WebDataListSuggestionsDropdown> >::~RefPtr (this=0x7f03ed1c5180) at WTF/Headers/wtf/RefPtr.h:60
#7 WebKit::WebPageProxy::Internals::~Internals (this=0x7f03ed1c4800) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxyInternals.h:153
#8 0x00007f04642eed9e in std::default_delete<WebKit::WebPageProxy::Internals>::operator() (this=<optimized out>, __ptr=0x7f03ed1c4800) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/unique_ptr.h:99
#9 std::unique_ptr<WebKit::WebPageProxy::Internals, std::default_delete<WebKit::WebPageProxy::Internals> >::~unique_ptr (this=0x7f04594eb4a8) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/unique_ptr.h:404
        __ptr = @0x7f04594eb4a8: 0x7f03ed1c4800
#10 WTF::UniqueRef<WebKit::WebPageProxy::Internals>::~UniqueRef (this=0x7f04594eb4a8) at WTF/Headers/wtf/UniqueRef.h:57
#11 WebKit::WebPageProxy::~WebPageProxy (this=0x7f04594eb480) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:831
        preferences = {static isRef = <optimized out>, m_ptr = <optimized out>}
#12 0x00007f04642efb92 in WebKit::WebPageProxy::~WebPageProxy (this=0x55857cade850) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:790
Michael Catanzaro
Comment 1
2024-05-30 14:16:47 PDT
There's a helpful warning before the crash:

(epiphany:2): Gtk-WARNING **: 16:16:17.698: Finalizing EphyWebView 0x55d4f7569670, but it still has children left:
   - GtkPopover 0x55d4f7615fd0

This should probably be a critical rather than a warning.
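The teardown order that the backtrace and the warning point to (the parent view is finalized while the popover is still attached, and the popover's owner is destroyed later, when the pending mouse-event reply handler releases the last page reference), as an added model that is not WebKit or GTK code and not the change from the pull request. `View`, `Popover`, `Dropdown`, `Page` and `closeTab` are hypothetical names, and detaching children when the view is destroyed is one assumed mitigation.

```cpp
// Added model of the teardown order; every name here is hypothetical, not WebKit or GTK code.
#include <functional>
#include <memory>

struct View;
struct Popover {                       // stands in for the GtkPopover child
    std::weak_ptr<View> parent;        // weak, so the model can see a dead parent without touching it
    bool parented = false;
};
struct View {                          // stands in for the parent widget (EphyWebView in the warning)
    std::shared_ptr<Popover> child;
    bool detachOnDispose;
    explicit View(bool detach) : detachOnDispose(detach) { }
    ~View() { if (detachOnDispose && child) child->parented = false; } // hardened: drop children first
};
struct Dropdown {                      // stands in for the suggestions dropdown that owns the popover
    std::shared_ptr<Popover> popover = std::make_shared<Popover>();
    int* danglingUnparents = nullptr;
    ~Dropdown()
    {
        if (!popover->parented)
            return;                    // already detached, nothing to unparent
        if (popover->parent.expired())
            ++*danglingUnparents;      // real code would hand the freed parent to the toolkit here
        popover->parented = false;
    }
};
struct Page { std::unique_ptr<Dropdown> dropdown; };  // stands in for the page proxy

// Returns how many times a popover was unparented from an already-destroyed view.
int closeTab(bool detachOnDispose)
{
    int danglingUnparents = 0;
    auto view = std::make_shared<View>(detachOnDispose);
    auto page = std::make_shared<Page>();
    page->dropdown = std::make_unique<Dropdown>();
    page->dropdown->danglingUnparents = &danglingUnparents;
    page->dropdown->popover->parent = view;
    page->dropdown->popover->parented = true;
    view->child = page->dropdown->popover;

    // A pending async reply handler keeps the page alive, as in frames #16-#18.
    std::function<void()> pendingReply = [protectedPage = page] { };
    page.reset();
    view.reset();            // tab closed: the view goes first, popover still attached
    pendingReply();          // the reply arrives
    pendingReply = nullptr;  // destroying the handler drops the last page reference
    return danglingUnparents;
}

int main() { return closeTab(false) == 1 && closeTab(true) == 0 ? 0 : 1; }
```
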
Michael Catanzaro
Comment 2
2024-05-30 16:30:47 PDT
Pull request: https://github.com/WebKit/WebKit/pull/29341
EWS
Comment 3
2024-05-31 05:20:03 PDT
Committed 279571@main (34f75014ef73): <https://commits.webkit.org/279571@main>

Reviewed commits have been landed. Closing PR #29341 and removing active labels.